b'                             Office of the Inspector General\n\nNovember 30, 1998\n\nKenneth S. Apfel\n\nCommissioner of Social Security\n\n\nActing Inspector General\n\n\n\nSoftware Development and Maintenance Controls at the Social Security Administration\n\n\n\nThe attached final report presents the results of our review of software development\n\nand maintenance controls at the Social Security Administration (SSA) (A-13-96-11000).\n\nThe objective of our review was to assess controls over application software\n\ndevelopment and maintenance at SSA.\n\n\nYou may wish to comment on any further action taken or contemplated. If you choose\n\nto offer comments, please provide them within the next 60 days. If you wish to discuss\n\nthe final report, please call me or have your staff contact Pamela J. Gardiner, Assistant\n\nInspector General for Audit, at (410) 965-9700.\n\n\n\n\n\n                                                       James G. Huse, Jr.\n\nAttachment\n\x0c             \xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd      \n\n    \xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd             \n\n\n\n\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd            \n\n\n\n\n   \xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\n\n    \xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\n\n       \xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\n\n          \xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\n\n\n\n   \xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\n\n\n\n\n\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\n\n\x0c                      E X E C U TI V E S U M M ARY\n\n\nOBJECTIVE\n\nThe objective of this audit was to assess controls over application software\ndevelopment and maintenance at the Social Security Administration (SSA).\n\nBACKGROUND\n\nThe Office of Management and Budget (OMB) Circular A-130, Security of Automated\nInformation Resources, requires that a program be developed ensuring all information\nthat is collected, processed, transmitted, stored, or disseminated in general support\nsystems and major applications is adequately safeguarded. Also, the\nPrivacy Act of 1974 requires that each agency maintaining a system of records have\nadministrative, technical, and physical safeguards ensuring records are secure and\nkept confidential and protecting the records from any security or integrity hazard. To\ncomply with these requirements, it is important to have a clearly defined approach to\nsoftware development and maintenance. In 1985, SSA established the Software\nEngineering Technology (SET) manual defining the processes by which all systems are\ndeveloped and maintained. It was also intended to document the standards,\nprocedures, guidelines, and automated tools which are to be used in the software\ndevelopment and maintenance process. The latest revision to SET was in May 1994.1\nWe initiated this audit to ensure that SSA is meeting these requirements.\n\nAnnually, SSA processes about 240 million earnings records, pays monthly benefits to\nover 50 million individuals, and issues new or replacement Social Security cards to\nabout 16 million people. To accomplish this vital mission, SSA maintains an automated\nsystem that consists of four basic programmatic business functions: (1) enumeration;\n(2) earnings; (3) Retirement, Survivors and Disability Insurance claims and post-\nentitlement processing; and (4) Supplemental Security Insurance claims and post-\neligibility processing. Each of these functions involves hundreds of software programs\nthat are required to be developed according to SET. These programs are continuously\nbeing modified due to legislative changes and the initiatives set forth by the\nCommissioner of Social Security. Additionally, SSA is undertaking several major\nmodernization projects to more efficiently serve the public, which includes distributing\nselected business functions between Headquarters and SSA\xe2\x80\x99s field components.\n\nField work was performed at SSA Headquarters in Baltimore, Maryland between\n\n\n1\n    There is also a 1997 draft version of SET that has not been implemented.\n\n\n                                                     \xef\xbf\xbd\n\n\x0cJanuary and October 1997. We reviewed four software projects that were completed\nduring 1996 for compliance with key SET requirements. Two were newly developed\nsoftware and two were software maintenance releases for cyclical updates. This review\nfocused primarily on the planning through the evaluation stages of SSA\xe2\x80\x99s systems\ndevelopment life-cycle (SDLC). The later phases of the SDLC were covered under a\nseparate review.\n\nRESULTS OF REVIEW\n\nSSA\xe2\x80\x99s staff working on the four projects reviewed either did not follow SET procedures\nor substituted their own methods for documenting and controlling projects. We believe\nthis occurred because SET is difficult to use, especially in today\xe2\x80\x99s dynamic systems\nenvironment. In addition, SET does not differentiate between mandatory standards and\ndiscretionary guidelines. Also, SSA is focused on piloting future methodologies and is\nno longer enforcing current standards. Specific findings were:\n\n      \xe2\x80\xa2\t authorizations that were required at key points in the SDLC were not always\n         clearly documented;\n\n      \xe2\x80\xa2   documentation was not kept in a central repository;\n\n      \xe2\x80\xa2\t critical problems that were identified during validation were not always resolved\n         or analyzed for their effect; and\n\n      \xe2\x80\xa2   quality assurance reviews were no longer being performed.\n\nIn its audit of SSA\xe2\x80\x99s Fiscal Year (FY) 1997 financial statements,\n                           2\nPricewaterhouseCoopers reported that SSA needs to improve its software application\ndevelopment, as well as change control policies and procedures, and consider this\ncondition to be an internal control weakness under the Federal Managers\xe2\x80\x99 Financial\nIntegrity Act (FMFIA) of 1982. Our findings corroborate the concerns of\nPricewaterhouseCoopers. Weaknesses in the software development and maintenance\nprocess increase the risk that unauthorized or untested changes could be introduced\ninto the production environment which would reduce the reliability of information being\nprocessed.\n\n\n\n\n2\n    Formerly known as Price Waterhouse.\n\n\n                                              \xef\xbf\xbd\xef\xbf\xbd\n\n\x0cCONCLUSIONS AND RECOMMENDATIONS\n\nSSA needs to establish an organizational commitment toward greater consistency and\ndiscipline in its software development and maintenance process. We recommend that\nSSA:\n\n   \xe2\x80\xa2\t Enforce the requirements for authorizations and documentation at key points in\n      the SDLC.\n\n   \xe2\x80\xa2\t Establish procedures in SET for maintaining critical documents in a central\n      repository.\n\n   \xe2\x80\xa2\t Enforce the requirement that high priority problems discovered during validation\n      be resolved before the software is released to production.\n\n   \xe2\x80\xa2   Reinstate quality assurance reviews prescribed in SET.\n\nSSA agreed with our recommendations. Currently SSA is implementing pilot projects\nrelating to our first two recommendations. In response to our third recommendation,\nSSA stated that when possible, it will remove changes where problems have occurred\nand implement the changes in a later release. Finally, SSA stated that it plans to\nreinstate quality assurance reviews and is piloting integrated quality assurance reviews\nwithin the framework of the capability maturity model (CMM). Appendix A includes a\ncopy of the complete text of SSA\xe2\x80\x99s comments.\n\n\n\n\n                                           \xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\n\n\x0c                         TAB L E O F C O N TE N TS\n\n\n                                                                                                              Page\n\nEXECUTIVE SUMMARY.......................................................................................... i\n\n\nINTRODUCTION .................................................................................................... 1\n\n\nRESULTS OF REVIEW .......................................................................................... 5\n\n\n         AUTHORIZATIONS REQUIRED AT KEY POINTS IN THE\n\n         PROCESS NEED TO BE CLEARLY DOCUMENTED ................................. 5\n\n\n         ESSENTIAL DOCUMENTS NEED TO BE KEPT IN A CENTRAL\n\n         RESPOSITORY ........................................................................................... 6\n\n\n         CRITICAL PROBLEMS IDENTIFIED DURING VALIDATION NEED\n\n         TO BE RESOLVED ...................................................................................... 7\n\n\n         QUALITY ASSURANCE REVIEWS SHOULD BE PERFORMED ................ 8\n\n\nCONCLUSIONS AND RECOMMENDATIONS ....................................................... 9\n\n\nAPPENDICES\n\nAPPENDIX A \xe2\x80\x93 SSA Comments\n\n\nAPPENDIX B \xe2\x80\x93 Major Contributors to This Report\n\n\nAPPENDIX C \xe2\x80\x93 SSA Organizational Chart\n\n\x0c                         I N TR O D U C TI O N\n\n\nOBJECTIVE\n\nThe objective of this audit was to assess controls over application software\ndevelopment and maintenance at SSA.\n\nBACKGROUND\n\nOMB Circular A-130, requires that a program be developed ensuring all information that\nis collected, processed, transmitted, stored, or disseminated in general support\nsystems and major applications is adequately safeguarded. Also, the Privacy Act of\n1974 requires that each agency maintaining a system of records have administrative,\ntechnical, and physical safeguards ensuring security and confidentiality of records and\nprotecting those records from any anticipated security or integrity hazard. To comply\nwith these requirements, it is important to have a clearly defined approach to software\ndevelopment and maintenance. SSA relies on SET standards and procedures to\nachieve the desired security and integrity within SSA systems.\n\nAnnually, SSA processes about 240 million earnings records, pays monthly benefits to\nover 50 million individuals, and issues new or replacement Social Security cards to\nabout 16 million people. To accomplish this, SSA maintains an automated system that\nconsists of four basic programmatic business functions: (1) enumeration; (2) earnings;\n(3) Retirement, Survivors and Disability claims and post-entitlement processing; and\n(4) Supplemental Security Insurance claims and post-eligibility processing. Each of\nthese functions involves hundreds of software programs that are continuously being\nmodified due to legislative changes and the Commissioner\xe2\x80\x99s initiatives. Also, SSA is\nundertaking several major modernization projects to better serve the public.\n\nSSA\xe2\x80\x99s Dynamic Systems Environment\n\nSSA is ending its reliance on centralized mainframe computers for programmatic\napplications. Instead, SSA is developing field-based computing systems to operate in\ncooperation with each other. Therefore, in the future, selected business functions will\nbe distributed between Headquarters and SSA\xe2\x80\x99s field components for processing. This\nchange presents a challenge. Applications will be more complex; thereby, increasing\nthe need for new, more advanced skills. The staff that is developing, using, and\nmaintaining the new applications will likely experience a cultural change. A well-\n\n\n\n\n                                            \xef\xbf\xbd\n\n\x0cdefined, disciplined development and maintenance process will aid in supporting the\nstaff in this environment. Equally important, this process will contribute significantly to\nthe integrity and maintainability of the new applications.\n\nSSA\xe2\x80\x99s Software Engineering Technology\n\nIn 1985, SSA developed a systems engineering environment management plan.\nIncluded in this plan was the SET manual. SET was developed to define the processes\nby which all systems are developed and maintained within SSA. By providing a\nframework of standards, procedures, and tools, SET is intended to:\n\n\xe2\x80\xa2   ensure the usability of software,\n\xe2\x80\xa2   maximize error detection in the early stages of development,\n\xe2\x80\xa2   improve software maintainability, and\n\xe2\x80\xa2   improve responsiveness to user requirements.\n\nSSA has a new initiative to improve its software process. SSA\xe2\x80\x99s software process\nimprovement program is following the capability maturity model that was recommended\nby the Software Engineering Institute at Carnegie Mellon University. Several pilots are\nunderway using new processes. However, it will be sometime before any agencywide\nchanges are implemented. SSA also drafted a new version of SET in February 1997\nbut has not adopted it as the Agency\xe2\x80\x99s standards. Therefore, SSA\xe2\x80\x99s current standards\nand procedures are found in the SET manual that was revised in May 1994.\n\nSET identifies the activities that are to take place in each stage of SSA\xe2\x80\x99s SDLC and the\nproducts needed for documentation. SET is organized into 15 parts that are contained\nin 7 large volumes.\n\n\n\n\n                                             \xef\xbf\xbd\n\n\x0cSSA\xe2\x80\x99s Systems Development Life Cycle\n\nSSA\xe2\x80\x99s SDLC is shown in the following table.\n\n           Stage                                     Purpose\n\n    Planning Stage\t       To develop an Automated Data Processing (ADP) Plan\n                          project proposal for systems development or change, or to\n                          determine need for maintenance or minor modifications not\n                          requiring formal ADP Plan approval.\n\n    Requirements          To analyze user needs and define user requirements at a\n    Definition and        level sufficiently detailed to permit system design and to\n    Analysis Stage        develop a validation plan establishing a minimum level of\n                          acceptable performance.\n\n    Design Stage          To translate detailed functional requirements (DFR) into\n                          detailed program specifications.\n\n    Development Stage     To translate the DFR into executable computer programs.\n\n    Evaluation Stage\t     To verify that the functional requirements are met by the\n                          software and there are no adverse effects to the overall\n                          process.\n\n    Operational           To test validated application software in a production\n    Integration and       environment.\n    Testing Stage\n    Operations Stage      To address activities taking place during the production life.\n\n    Post-implementation To ensure user needs are met and products perform as\n    Review Stage        expected.\n\n\nSCOPE AND METHODOLOGY\n\nWe used a variety of methods to achieve our objective. These included reviewing:\n(1) applicable laws, regulations, and guidelines; (2) OMB Circular A-130; (3) the\nPrivacy Act of 1974; and (4) Federal Information Processing Standards Publication 106,\nGuideline on Software Maintenance.\n\nWe reviewed SET and identified pertinent products SET requires that we believed\nwould provide documentation to meet our objective. We then selected four software\nprojects that were completed during 1996 to determine whether they were in\ncompliance with these provisions. Two were newly developed software - Modernized\n\n\n                                          \xef\xbf\xbd\n\n\x0cClaims System Release 3.6 (MCS 3.6) and Drug Abuse and Alcoholism (DA&A). Two\nwere software maintenance projects requiring cyclical updates - Benefit Rate Increase\nand Annual Wage Reporting for Tax Year 1995 (AWR 95). We interviewed SSA staff\nand reviewed the documentation prepared for the software development or\nmaintenance for these four projects.\n\nThis review focused primarily on the first five stages of SSA\xe2\x80\x99s SDLC from planning\nthrough evaluation stages. The other stages will be covered in separate reports in the\nnear future. We limited our assessment of internal controls to the required SET\nprocedures that related to the objective of our audit. Field work was performed at SSA\nHeadquarters in Baltimore, Maryland, from January through October 1997. We\nconducted this audit in accordance with generally accepted government auditing\nstandards.\n\n\n\n\n                                          \xef\xbf\xbd\n\n\x0c                        R E S U LTS O F R E V I E W \n\n\nSSA has had a comprehensive methodology for software development and\nmaintenance since 1985 when it developed its systems engineering environment plan.\nThe SET manual, which was part of this plan, sets forth SSA procedures. The\nobjectives of SET are sound.3 The findings show that because SET is difficult to use,\nSSA members bypassed SET procedures or substituted their own methods of\ndocumenting and controlling projects, especially when faced with stringent time frames.\n\n\nIn its audit of SSA\xe2\x80\x99s FY 1997 financial statements, PricewaterhouseCoopers reported\nthat SSA needs to improve its software application development, change control\npolicies and procedures, and consider this condition to be an internal control weakness\nunder FMFIA. Our findings corroborate PricewaterhouseCoopers\xe2\x80\x99 concerns.\nWeaknesses in the software development and maintenance process increase the risk\nthat unauthorized or untested changes could be introduced into the production\nenvironment which would reduce the reliability of the information processed. We found\nthe following areas of concern.\n\nAUTHORIZATIONS REQUIRED AT KEY POINTS IN THE PROCESS\nNEED TO BE CLEARLY DOCUMENTED\n\nSET requires preparation of DFRs before software is designed and developed.4 During\nthe development process, DFRs were prepared for three of the four projects. For the\nsoftware development relating to DA&A legislation, DFRs were not prepared until after\nthe software was implemented. During the design and development phases, the\nfunctional requirements were defined in an ad hoc manner and were also relayed\nbetween components informally. The informal DFRs were 7 pages in length compared\nto the 133 pages of the formal DFRs that were prepared after the software was\nimplemented. Findings show that critical information can be omitted when using an\ninformal abbreviated document. We were informed that upper management decided to\nforego normal procedures because of the stringent time frames. Formal DFRs are\nimportant for several reasons. They document the service level requirements and\nidentify audit, security, and privacy controls. They also detail the validation plan, which\n\n\n\n3\n Part 10, Chapter 15.2 describes the objectives which include providing a vehicle for communication\nand providing a framework for introducing standards to ensure software usability and maintainability,\nmaximum error detection, and improving responsiveness to user requirements.\n4\n    Part 30, Chapter 20.2.1.\n\n\n                                                   \xef\xbf\xbd\n\n\x0ctends to establish a level of acceptable performance. DFRs are a prerequisite for\ndesign and development stages of the SDLC and SET requires preparation of DFRs\nbefore software is designed and developed. Without this properly approved document,\nuser needs may not be met. Without proper management control, there is risk that\nunauthorized or erroneous changes can be made to software, which would reduce the\nreliability of information processed.\n\nSET requires preparation of a Systems Release Certification5 (SRC) for software\nreleases requiring a validation plan. However, for two of the four projects we reviewed,\nthe authorizations to release the software were given orally rather than by an SRC. We\nbelieve the SRC is a key document because it shows that officials in the responsible\ncomponents certify the acceptability of changes. For example, it documents the Office\nof Systems Requirements certification that: (1) changes have been validated;\n(2) validation results conform to functional requirements; (3) procedures, training, and\nforms have been provided to end users; (4) control, auditability, security, and privacy\nrequirements are met; and, (5) users were notified of the implementation date. Without\nthe signed SRC, there is no assurance that all responsible components agree that the\nsoftware is ready for release.\n\nSSA\xe2\x80\x99s systems life-cycle embraces an interactive team approach to systems\ndevelopment. According to SET, users are to be substantially involved in the planning\nphase.6 They are responsible for the user planning team report with recommendations,\nwhich is a management decisionmaking document. This documentation was not\navailable for the two new software releases we reviewed. We did note that a core\ngroup was convened for the DA&A software process. However, the core group\nsubstituted their own control and tracking methods, and instead of issuing a team\nreport, developed an issue and resolutions chart. Without a defined and consistent\nprocess, there is no assurance that all important documentation and authorizations will\nbe obtained. Properly authorized documentation is essential to protect against\nerroneous changes and weakened security controls. These documents should be\nmaintained for as long as a system is in operation in case questions arise regarding\nwhy or when certain modifications were adopted.\n\nESSENTIAL DOCUMENTS NEED TO BE KEPT IN A CENTRAL\nREPOSITORY\n\nThere was no central repository for essential documents making retrieval difficult and\ntime consuming. For the four projects, we were not able to go to one location to obtain\nproject documentation. We were referred to multiple components and several staff\n\n\n\n\n5\n    Part 60, Chapter 30.7.\n6\n    Part 20, Chapter 30.2.3.\n\n\n                                           \xef\xbf\xbd\n\n\x0cmembers before we could determine if a document had been prepared and could be\nobtained, if it existed. For example, we had to contact five people in three components\nto determine whether there was an SRC for the DA&A software releases and how\nauthorization was given. Easy retrieval of important documents is essential for the\nintegrity and maintainability of software. Properly authorized documents should be kept\nin one central place and remain readily available for review while an application is in\noperation.\n\nCRITICAL PROBLEMS IDENTIFIED DURING VALIDATION NEED TO BE\nRESOLVED\n\nSET requires that problems found during validation be reported and resolved. If the\nproblems are not resolved, an estimate is to be prepared of their effect on the system,\nthe public, and SSA\xe2\x80\x99s operating components.7 SET requires that an analysis be made\nof unresolved errors to determine if the level of a problem is within acceptable\ntolerances. We believe this is an important standard to ensure the integrity of software\nand one that should not be compromised. However, we found that for two of the four\nsystems reviewed, software that contained critical problems was released to\nproduction.\n\n\xe2\x80\xa2\t Because of the pressure to meet target dates, software modifications were released\n   for AWR 95 with 7 critical problems and 17 high-priority problems unresolved.\n   Because of these problems, several workloads in operating components had to be\n   interrupted until the software problems were resolved. Moreover, we believe this\n   situation increased the risk of erroneous data being processed to earnings records.\n    For example, the validation process identified two records that did not correctly\n   reflect domestic service or tip wages. One record reflected wages of $21,693 that\n   should have been $19,565. Another reflected wages of $17,893 that should have\n   been $15,997. Without correcting problems identified during the validation process,\n   incorrect benefits could be paid, such as overpayments for these records.\n\n\xe2\x80\xa2\t Software for MCS 3.6 was released with two high-priority problems unresolved. One\n   problem affected the amount of benefit payment because the worker\xe2\x80\x99s\n   compensation offset was not always applied correctly. The validation process for\n   MCS 3.6 identified a case where the software failed to reduce a beneficiary\xe2\x80\x99s\n   monthly benefit by $124.20 to offset the worker\xe2\x80\x99s compensation he was\n   receiving. This problem was reported on November 7, 1996, and again on\n   November 25, 1996. Nevertheless, the software was implemented on\n   December 9, 1996. As of August 1997, 8 months after the MCS 3.6 software was\n   implemented, the problem still had not been resolved because the cause of the\n   problem could not be identified. This problem could cause incorrect monthly benefit\n   payments and create overpayments. SSA did not analyze the number of\n\n\n7\n    Part 60, Chapter 30.6.2.5.\n\n\n                                           \xef\xbf\xbd\n\n\x0c      beneficiaries that may be affected or the amount of overpayments that may occur to\n      determine whether the problem was within an acceptable tolerance. This is another\n      example where unresolved problems could affect one of SSA\xe2\x80\x99s primary missions,\n      that of paying beneficiaries correctly.\n\n\xe2\x80\xa2\t Another problem associated with MCS 3.6 affected information on notices sent to\n   beneficiaries who filed for benefits under their own SSN (earnings record) and also\n   on the earnings record of their spouse. Notices for these cases were not explaining\n   the basis for the benefit calculation. The notices needed to explain which\n   earnings record provided the largest benefit. This condition was reported on\n   December 4, 1996, but a decision was made not to correct it until the scheduled\n   release of MCS 3.6.1 software in August 1997. SSA made this decision because it\n   believed difficulties would be encountered in validating a maintenance release. Not\n   resolving problems such as this will affect SSA\xe2\x80\x99s goal of providing clear notices to\n   the public.\n\nQUALITY ASSURANCE REVIEWS SHOULD BE PERFORMED\n\nSET states that the quality assurance process must ensure systems development\nstandards are in place, and, when they are used, they produce products that meet\nrequirements and are fit for use. The objective of the quality assurance program must\nbe to produce products that are free of defects.8 The Office of Systems Planning and\nIntegration (OSPI) is responsible for quality assurance. We contacted staff from OSPI\nto determine whether the projects selected for our review were also selected for SSA\xe2\x80\x99s\nquality assurance reviews. OSPI staff informed us that no quality assurance reviews\nhad been performed in more than 2 years because resources were focused on piloting\nmethodologies for the future. As our review revealed, without monitoring and\nenforcement of standards, the quality assurance objective of SET is not being met. As\na result, beneficiaries may not receive world-class service and may be paid incorrectly.\n\n\n\n\n8\n    Part 110, Chapter 10.\n\n\n                                             \xef\xbf\xbd\n\n\x0c CONCLUSIONS AND RECOMMENDATIONS\n\n\nWe concluded that discipline and consistency in SSA\xe2\x80\x99s current systems development\nand maintenance process has deteriorated for several reasons. SET is difficult to use,\nespecially in today\xe2\x80\x99s dynamic systems environment. Also, it does not clearly\ndifferentiate between mandatory standards and discretionary guidelines. In addition,\nwe believe SSA is focused on piloting methodologies for the future and is no longer\nenforcing current standards. SSA needs to establish an organizational commitment to\nrestoring consistency and discipline in its present process while it plans for the future.\n\nWe recommend that SSA:\n\n1. \t Enforce the requirements for authorizations and documentation at key points in the\n     SDLC.\n\n2. \t Establish procedures in SET for maintaining critical documents in a central\n     repository.\n\n3. \t Enforce the requirement that high priority problems discovered during validation be\n     resolved before the software is released to production.\n\n4. Reinstate quality assurance reviews prescribed in SET.\n\nSSA agreed with our recommendations. Currently SSA is implementing projects\nrelating to our first two recommendations. In response to our third recommendation,\nSSA stated that it will when possible, remove changes where problems have occurred\nand implement the changes in a later release. Finally, SSA stated that it plans to\nreinstate quality assurance reviews and is piloting integrated quality assurance reviews\nwithin the framework of CMM. Appendix A includes a copy of the complete text of SSA\xe2\x80\x99s\ncomments.\n\n\n\n\n                                             \xef\xbf\xbd\n\n\x0cAPPENDICES\n\n\x0c                        APPENDIX A\n\n\n\nS S A C O M M E N TS\n\n\x0c                                                                             APPENDIX B\n\n\n\nMAJOR CONTRIBUTORS TO THIS REPORT\n\n\nOffice of the Inspector General\n\nDon Franklin, Director, Systems Audits\n\nBruce Daugherty, Audit Manager\n\nJean Lynch, Senior Auditor\n\nRandy Townsley, Senior Auditor\n\nGreg Hungerman, Program Analyst\n\nHarold Hunter, Senior Auditor\n\n\n\nFor additional copies of this report, please contact the Office of the Inspector General\xe2\x80\x99s\n\nPublic Affairs Specialist at (410) 966-9135. Refer to Common Identification Number\n\nA-13-96-11000.\n\n\x0c                                   APPENDIX C\n\n\n\nS S A O R G AN I Z ATI O N AL C H AR T\n\n\x0c'